CVEFinder.io

CVE-2024-36451

⚠️ high
🔍 Scan for this CVE
Summary

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

CVSS Score
8.8
High
EPSS Score
0.2
Exploit Probability
Published Date
2024-07-10
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 330,193 vulnerabilities in our database.

#62,466
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jul 10, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-10-08
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-280

📦 Affected Products 1

Vendor Product Status Affected Versions
webmin webmin Affected
< 2.003

🔗 References 2

https://jvn.jp/en/jp/JVN81442045/
Third Party Advisory
https://webmin.com/
Product

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-22678 🔶 medium 5.4 0.0 Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the ... 2026-05-21
CVE-2025-67738 ⚠️ high 8.5 0.1 squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module a... 2025-12-11
CVE-2025-61541 ⚠️ high 7.1 0.1 Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset l... 2025-10-16
CVE-2024-12828 ⚠️ high 8.8 21.7 Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ... 2024-12-30
CVE-2024-45692 ⚠️ high 7.5 0.1 Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. 2024-09-04
CVE-2024-36450 🔶 medium 5.4 0.2 Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exp... 2024-07-10
These CVEs affect the same products